[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2020-27661 as not-affected for Stretch

Tue, 24 Nov 2020 06:49:09 -0800 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8660a46f by Thorsten Alteholz at 2020-11-24T15:36:09+01:00
mark CVE-2020-27661 as not-affected for Stretch

- - - - -
06f733e5 by Thorsten Alteholz at 2020-11-24T15:46:52+01:00
add link to fix for qemu CVE-2020-27617

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6145,7 +6145,7 @@ CVE-2020-27661 [divide by zero in dwc2_handle_packet() in 
hw/usb/hcd-dwc2.c]
        RESERVED
        - qemu <unfixed> (bug #972864)
        [buster] - qemu <postponed> (Fix along in future DSA)
-       [stretch] - qemu <postponed> (Fix along in future DLA)
+       [stretch] - qemu <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html
        NOTE: Fixed by: 
https://git.qemu.org/?p=qemu.git;a=commit;h=bea2a9e3e00b275dc40cfa09c760c715b8753e03
 CVE-2020-27660
@@ -6252,6 +6252,7 @@ CVE-2020-27617 (eth_get_gso_type in net/eth.c in QEMU 
4.2.1 allows guest OS user
        [buster] - qemu <postponed> (Fix along in future DSA)
        [stretch] - qemu <postponed> (Minor issue, fix along in future DLA)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06023.html
+       NOTE: fixed by: 
https://git.qemu.org/?p=qemu.git;a=commit;h=7564bf7701f00214cdc8a678a9f7df765244def1
 CVE-2020-27616 (ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter 
an outsi ...)
        - qemu <unfixed> (bug #975265)
        [buster] - qemu <not-affected> (Vulnerable code introduced in ATI VGA 
device emulation added later)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/240d81a7fec43572946432b7c6da887074434172...06f733e555981b78cc62aab761dd4df775815e26

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/240d81a7fec43572946432b7c6da887074434172...06f733e555981b78cc62aab761dd4df775815e26
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to